On Sun, Oct 23, 2016 at 6:46 PM, Paul Wise <p...@debian.org> wrote:
> Better privacy than https can be had using Tor:
>
> https://onion.debian.org/

If Debian is open to improving SecureAPT's out of the box configuration by utilizing Tor, then that is fine, but I highly doubt Debian operators will enjoy the slowness. That is, unless Debian wants to require that every mirror operator also operate as a Tor exit node too ;) That will definitely improve the health and speed of the Tor network! But alas, that is an amount of privacy that I think is much more complicated to discuss and outside the scope of this thread, as pointed out by Russ as well.

As also pointed out earlier, Let's Encrypt free CA certificates and open source configuration utilities make this incredibly easy now for mirror operators without HTTPS experience. And if you are worried about the rate limiting, I'm sure that can be removed for trusted Debian mirrors. The rate limits are squarely targeted at preventing malicious site operators that may utilize fast-flux methods to conceal their operations, AFAIK.

--
Regards,

Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen